CVE-2012-2122 (retired)

Priority
Description
sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24,
and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before
5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in
certain environments with certain implementations of the memcmp function,
allows remote attackers to bypass authentication by repeatedly
authenticating with the same incorrect password, which eventually causes a
token comparison to succeed due to an improperly-checked return value.
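The description above turns on a `memcmp` return value that is checked improperly. The following added example (not MySQL or MariaDB source) shows one way that happens, an `int` result narrowed to a one-byte boolean, beside a normalized check. `word_memcmp`, `one_byte_bool`, `reject_narrowed`, `reject_normalized`, `verdict` and the token bytes are hypothetical names and constructed values.

```c
#include <stdio.h>
#include <string.h>

#define TOKEN_LEN 20          /* constructed token size for this example */
typedef char one_byte_bool;   /* hypothetical one-byte boolean return type */
typedef int (*cmp_fn)(const void *, const void *, size_t);

/* Constructed comparator (assumption): returns the raw difference of 16-bit
   words. Legal for memcmp, since C defines only the sign of its result. */
static int word_memcmp(const void *pa, const void *pb, size_t n)
{
    const unsigned char *a = pa, *b = pb;
    for (size_t i = 0; i + 1 < n; i += 2) {
        int wa = (a[i] << 8) | a[i + 1], wb = (b[i] << 8) | b[i + 1];
        if (wa != wb)
            return wa - wb;
    }
    return (n & 1) ? a[n - 1] - b[n - 1] : 0;
}

/* Before: the int result is narrowed to one byte; 0 means "tokens match".
   A nonzero result that is a multiple of 256 becomes 0 on common ABIs. */
static one_byte_bool reject_narrowed(const void *x, const void *y, cmp_fn cmp)
{
    return (one_byte_bool)cmp(x, y, TOKEN_LEN);
}

/* After: collapse the result to 0 or 1 before it is narrowed. */
static one_byte_bool reject_normalized(const void *x, const void *y, cmp_fn cmp)
{
    return cmp(x, y, TOKEN_LEN) != 0;
}

/* Verdict for a constructed wrong guess differing in byte `pos` (0 = accepted). */
static int verdict(size_t pos, cmp_fn cmp, int hardened)
{
    unsigned char expected[TOKEN_LEN], guess[TOKEN_LEN];
    memset(expected, 0x41, TOKEN_LEN);
    memcpy(guess, expected, TOKEN_LEN);
    guess[pos] ^= 0x01;
    return hardened ? reject_normalized(expected, guess, cmp)
                    : reject_narrowed(expected, guess, cmp);
}

int main(void)
{
    printf("narrowed: hi=%d lo=%d; normalized: hi=%d\n", verdict(0, word_memcmp, 0),
           verdict(1, word_memcmp, 0), verdict(0, word_memcmp, 1));
    return 0;
}
```

A comparator that only ever returns -1, 0 or 1 hides the narrowing defect, which is why the description ties the issue to certain `memcmp` implementations.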
Notes
 jdstrand> mysql-cluster-7.0 not supported per Ubuntu Server team
Assigned-to
mdeslaur
Package
Upstream: released (5.1.63)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Package
Upstream: released (5.5.24)
Ubuntu 12.04 ESM (Precise Pangolin): released (5.5.25-0ubuntu1)
Patches:
Upstream: http://bazaar.launchpad.net/~mysql/mysql-server/5.1/revision/3560.10.17
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Package
Upstream: released (5.1.63)
Ubuntu 12.04 ESM (Precise Pangolin): DNE

Updated: 2019-03-26 12:01:46 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)